The need for cryptography everywhere

Computer security is to some extent a felt asset, so users tend to do less than necessary to protect their computers. They install a firewall and think "I don't need a virus scanner", or vice versa. Or they think "I use an anonymizer, I don't need encrypted communication". At least this is a good explanation for the findings of DEranged: "DEranged gives you 100 passwords to Governments & Embassies". The trick used to gather this information was really trivial: for security reasons many people use networks like Tor to anonymize their traffic. You hand your communication to other people's systems, which deliver it on your behalf, so the log files of the accessed server cannot trace you as the source. Okay, good thing. The dark side: those systems can snoop your traffic. Bad thing, especially when you use unencrypted communication. And this is exactly how DEranged was able to gather such high-profile account information.

But this leads to an interesting question: why do service providers offer unencrypted communication, or switch back to unencrypted communication after they have authenticated their users? Simple reason: it is incredibly expensive to encrypt every communication, and although many communication providers default to SSL, they are glad of every user who doesn't use encryption. Most of the time you can't even use it for the less visible services: many providers don't offer SSL for their authenticated POP3, IMAP or SMTP connections, and when they do offer such a server, they do not force their users to use it. The reason is simple: as fast as a general-purpose CPU like an Opteron or Xeon is, it is just as slow at encrypting all this traffic. This led to the invention of SSL accelerator cards, but as these add extra cost to the hardware they are not as ubiquitous as they should be. Sun saw this problem and integrated encryption-supporting circuits into the UltraSPARC T1 and a full-fledged accelerator into the UltraSPARC T2.
You get encryption for free when you use this processor, as the accelerator computes in parallel to the other pipelines. When you use the Sun-modified SSL libraries (enabled to use the Solaris Cryptographic Framework) or the in-kernel SSL proxy, it is as easy as a few configuration statements to have the performance to force all your users to encryption without losing performance on your web server. I don't believe that Opterons or Xeons will go the same way, for the reason of where the money in x86 is earned: the server manufacturers participate in the ever-elastic demand for computing power for gaming and HPC. They are not genuine server processors, and compared to the number of systems sold by desktop manufacturers, the number of processors for servers is small. So when Intel or AMD have the choice of investing, let's say, 5 million transistors in 5 or 10 frames more in Quake 10 or in hardware-accelerated encryption, I doubt they will decide for the second choice. You can make more money out of the 5 frames. And this gets worse, as the horde of enthusiast websites without knowledge about useful benchmarking and real life in data centers, with their adjacent fanboy entourage, got the role of awarding the prestigious "the fastest processor" title. And those people don't benchmark SSL web server performance. Sun has an advantage here, as we designed the T1 and T2 specifically for server usage. Perhaps this brings Sun back to the place where we had a big stronghold. You remember, we were the dot in .com, before we got really bad marketing claims (who understood the nth claim?)
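The "offered but not forced" situation described above for authenticated mail services can be checked on your own servers. The following is an added example, not code from the original post: it classifies an IMAP server from the CAPABILITY list it sends on a plaintext connection, using the RFC 2595 rule that a server which enforces TLS advertises STARTTLS together with LOGINDISABLED (and no cleartext AUTH mechanism) until the client has upgraded. The capability lists in the test are constructed samples; the live probe function is only run if you call it yourself.

```python
"""Added example: does an IMAP server merely offer TLS, or actually force it?

On the plaintext IMAP port (143) a server that enforces encryption must
refuse cleartext credentials until STARTTLS has been negotiated.  RFC 2595
expresses that by advertising LOGINDISABLED alongside STARTTLS.  A server
that offers STARTTLS but still advertises AUTH=PLAIN / AUTH=LOGIN, or lacks
LOGINDISABLED, accepts passwords in the clear: any relay on the path (a
Tor exit node, for instance) could read them.
"""
import imaplib

# Verdicts, strongest first.
ENFORCED = "TLS enforced: STARTTLS offered, cleartext credentials refused"
OPTIONAL = "TLS optional: STARTTLS offered, but cleartext credentials still accepted"
NONE = "No TLS: STARTTLS not offered on this port"

# SASL mechanisms that transmit the password itself (RFC 4616 PLAIN, legacy LOGIN).
CLEARTEXT_MECHS = {"AUTH=PLAIN", "AUTH=LOGIN"}


def assess_capabilities(capabilities):
    """Classify a pre-STARTTLS CAPABILITY list (iterable of strings)."""
    caps = {c.upper() for c in capabilities}
    if "STARTTLS" not in caps:
        return NONE
    login_blocked = "LOGINDISABLED" in caps
    cleartext_sasl = bool(CLEARTEXT_MECHS & caps)
    if login_blocked and not cleartext_sasl:
        return ENFORCED
    return OPTIONAL


def probe_imap(host, port=143, timeout=10):
    """Connect in the clear, read the greeting's capabilities and classify them.

    No credentials are sent; imaplib parses the CAPABILITY response for us.
    host/port are whatever server you administer (assumed values).
    """
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        return assess_capabilities(conn.capabilities)
    finally:
        conn.logout()


if __name__ == "__main__":
    # Constructed sample: STARTTLS offered but plaintext LOGIN still allowed.
    print(assess_capabilities(["IMAP4REV1", "STARTTLS", "AUTH=PLAIN"]))
```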